- Microsoft Azure (Virtual Machine)
- Remote Desktop
- Active Directory Domain Services
- Windows Server 2022, 2vCPUs, 8GB RAM
- Windows 10 Pro (22H2), 2vCPUs, 8GB RAM
- Step 1: Install Active Directory
- Step 2: Create a Domain Admin user for the domain
- Step 3: Join client-1 to domain
Before deploying Active Directory, we'll need to install 2 VMs on Azure. One will be a Windows Server for the domain controller and the other will be a Windows Pro machine acting as a client. We will name the server machine DC-1 and the client machine Client-1. We also need to make sure that both of these machines are on the same virtual network.
Once that's done, we'll log into DC-1:
Server Manager should load automatically. If it does not, click on Start and you should see the Server Manager icon. Click on Add roles and features, and accept the defaults until Select Server Roles. There, we'll select Active Directory Domain Services.
After installation is complete, go back to Server Manager and click on the flag icon in the top right. Then, click on the link that says to promote this server to a domain controller.
In the deployment configuration, click on Add a new forest. You can name this domain anything you like but for this tutorial we'll input mydomain.com.
Click Next. Where it asks for the Directory Services Restore Mode (DSRM) password, you can put in anything you like. Continue with the configuration. Once finished, you will be automatically signed out of the machine as Active Directory completes installation.
Now, we'll try to log into our Client-1 machine. If you try to log in with your usual credentials, it will fail because no domain is specified and we just set up DC-1 as the domain controller. So to log into the machine, we need to specify the domain like so: mydomain.com\username, and then enter the password.
Once done, we log back into the DC-1 machine. The next step is to create a Domain admin user within the domain. This user will be an admin of the entire domain of users. We'll click on Start -> Windows Administrative Tools -> Active Directory Users and Computers. Now, right click on mydomain.com -> New -> Organizational Unit (OU).
We can name the new OU _EMPLOYEES, and we will create another one called _ADMINS. Next, we'll create an admin user. Right click on _ADMINS -> New -> User. We'll name this admin user Jane Doe, with a username of jane_admin. Set whatever password you wish and make sure to keep a note of it.
Although Jane Doe is in an OU called _ADMINS, she is not yet a Domain Admin because she does not have those permissions yet. To grant them, click on _ADMINS and check that Jane Doe is there. Right click on Jane Doe -> Properties -> Member Of. Then type Domain Admins in the input box. Click on Check Names, then OK, and apply these settings.
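The same Step 2 can be scripted and then checked from PowerShell on DC-1. This is an added example, not part of the original tutorial; it assumes the ActiveDirectory module that is installed with the AD DS role and uses the names from the steps above (_EMPLOYEES, _ADMINS, Jane Doe, jane_admin).

```powershell
# Added example: run in an elevated PowerShell session on DC-1 after promotion.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName   # DC=mydomain,DC=com in this tutorial
$dnsRoot  = $domain.DNSRoot             # mydomain.com in this tutorial

# Create the two OUs directly under the domain root if they do not exist yet.
foreach ($ouName in '_EMPLOYEES', '_ADMINS') {
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
        -SearchBase $domainDN -SearchScope OneLevel
    if (-not $existing) {
        New-ADOrganizationalUnit -Name $ouName -Path $domainDN
    }
}

# Create Jane Doe inside _ADMINS. The password is prompted for as a
# SecureString so it never appears in the script or in command history.
$sam = 'jane_admin'
if (-not (Get-ADUser -Filter "SamAccountName -eq '$sam'")) {
    $password = Read-Host -AsSecureString -Prompt "Password for $sam"
    New-ADUser -Name 'Jane Doe' -GivenName 'Jane' -Surname 'Doe' `
        -SamAccountName $sam -UserPrincipalName "$sam@$dnsRoot" `
        -Path "OU=_ADMINS,$domainDN" -AccountPassword $password -Enabled $true
}

# Sitting in the _ADMINS OU grants nothing; membership of the
# Domain Admins group is what confers the rights.
$members = Get-ADGroupMember -Identity 'Domain Admins' -Recursive
if ($members.SamAccountName -notcontains $sam) {
    Add-ADGroupMember -Identity 'Domain Admins' -Members $sam
}

# Verify: list every account that currently holds Domain Admins rights,
# including members that arrive through nested groups.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object Name, SamAccountName, objectClass |
    Format-Table -AutoSize
```

The final listing should show only the built-in Administrator account and jane_admin; any other entry is an account with full control of the domain that this tutorial did not create.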
Now we'll need to change Client-1's DNS servers so that they point to the private IP address of DC-1.
Log back into Client-1 as Jane, making sure to put mydomain.com\ before the username. Right click on the Start menu -> Settings -> Rename this PC (advanced). Then under Computer Name click on Change, type mydomain.com in Domain, and click OK.
You will have to restart Client-1 for these changes to take effect. So do that and go back to DC-1. We'll verify that Client-1 has joined the domain. While still in Active Directory Users and Computers, click on mydomain.com and then Computers, and you should see Client-1 there.